VPN: IKE V2 Support
IKE V2 is the newest innovation to IPSec and makes using of mobile clients a lot easier. I wish to integrate IKE V2 as soon as possible.
See: http://tools.ietf.org/html/rfc4306 (RFC 4306)
Aaron Marks commented
I so badly want to believe BuddyBuddy's comment below. We'll be in heaven if we can use UTM 9.6 with both AWS & Azure finally.
This feature is planned for UTM v9.6, later in this year.
CT Admin commented
Oh, man - this is around such a long time and Sophos users have to live in stoneage !
A bad shame for a product which claims to be professional and branch leading ...
Could we please add this feature.
Jeroen Vercoulen commented
Just to mention to you. IKEv2 isn't required by Azure. We have an S2S running with Azure on Sophos SG.
Ian Sime commented
I was told this today...
"It’s looking like it will be the middle of next year with the launch of V17 on the XG series of devices, it isn’t currently in the pipeline for UTM SG."
Stefan Milani commented
Need IKEv2 too. We use Sophos in Energy-Business and there are a lot of restrictions - e.g. IKEv2 - Please add this feature as soon as possibe!!
Philipp Gröpper commented
Very importent for us! Please keep it!
Mike Sauer commented
Andrew, We consider switching clients to Fortinet but Meraki sounds interesting as well. Does Meraki's product allow point to site connections to Azure?
Please keep it. For we need this for some clients.
Andrew Kay commented
Same. Meraki won over our business with a better overall VPN solution. Planned on boarding of three new SG135's and an upgrade of 2x UTM 220's to equivalent SG series are cancelled and two existing installs of SG135's are going to Meraki when they come up for renewal.
Pity as the UTM 'was' such a good product.
Sotirios Spinos commented
About to cancel an order of 4 * SG UTM and go to Fortinet. It's a pitty that there is no support for ikev2.
@StrongSWAN.. nothing you wrote seems it would be a problem. But what do you mean by "UTM"? If you are referring to UTM being an instance of Sophos, and then you want to have a Pi with StrongSWAN "between" the device and the UTM.. then the question goes to what your network looks like. However... the StrongSWAN IPSec router can also exist BEHIND a UTM. You can NAT IPSec traffic through a UTM or other FW and terminate the IPSec tunnel behind it somewhere. That is exactly what we did. And we actually had moved several IPSec tunnels from a UTM to another Linux VM behind it without even affecting the clients. Can email me directly for more help: firstname.lastname@example.org
coewar, We need to point-to site connect all sorts of non-Windows devices in various locations to Azure, eg a couple of VoIP phone in one location, a particular scanner that accesses a Azure drive in another location, a Linux machine in a third location etc. I think it would be cool to have your StrongSWAN solution on a Raspberry Pi that could then simply be put between the device and the UTM. Is this viable?
UTM 9.4 "elevated" ...still no IKEv2 support! It's needed for Microsoft Azure!!!
Many customers will switch to a product which supports IKEv2.
J B, same problem with my client. IKEv2 needed for Azure. To which product has your client decided to switch?
J B commented
AZURE requires IKEv2. I have clients at the end of their cycle and are ready to switch over. Unable to push them the XG line of firewalls. Going to cost Sophos a lot of money.
Mahdi Hedhli commented
They are working on this for the XG (Copernicus) line but unlikely it will gain support on UTM. Sure hope so!
Company and Contact Information
Company: Garnes Data AS
Sophos Product: SOphos UTM
Feature Request Summary: Need to have support for VPN: IKE V2 to set up Azure site 2 site vpn
How will this new feature address your business requirements?: Well without this feature we simply stop to sell Sophos, since we cannot use it with our datacenter and public azure.
How would you rate the importance of this feature?; 1 = Critical, 5 = Nice-to-have: 1
That's actually my request. But none-the-less... we abandoned this product and company and use straight up StrongSWAN and it works awesome.
Again, if you need help with this: email@example.com